@f0ssel f0ssel commented Oct 12, 2025

Added OAuth2 sign-in button to CoderAuthInputForm allowing users to
authenticate via Coder's OAuth2 provider instead of manually entering tokens.

Created new backend plugin (@coder/backstage-plugin-coder-backend) to handle
OAuth2 callback flow, exchange authorization codes for access tokens, and
securely communicate tokens back to the frontend via postMessage.

Screen.Recording.2025-10-12.at.5.17.55.PM.mov

@f0ssel f0ssel requested a review from Parkreiner October 12, 2025 22:45
Comment on lines 136 to 142
accessUrl: 'https://dev.coder.com',
},

oauth: {
clientId: '09cd00cf-9517-401c-9601-3712f187b53c',
backendUrl: 'http://localhost:7007',
},
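
Review bot: the `oauth` block hard-codes both `clientId` and `backendUrl: 'http://localhost:7007'` in source, so any build of this file carries a fixed client ID and a plain-HTTP localhost backend until someone edits it. The PR description says the token returns over postMessage with backend URL validation, so the URL being validated should be read from app-config rather than a literal. Until that plumbing works, mark both lines with a TODO and reject a non-HTTPS `backendUrl` outside development.
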
Contributor Author

I've been having trouble piping config from appConfig data into the frontend apps, so this is still hard-coded to get things working for now.

Comment on lines 26 to 29
oauth: {
clientId: '09cd00cf-9517-401c-9601-3712f187b53c',
backendUrl: 'http://localhost:7007',
},
Contributor Author

Same appConfig issue here

Comment on lines +8 to +13
coder:
deployment:
accessUrl: https://dev.coder.com
oauth:
clientId: ${CODER_OAUTH_CLIENT_ID:-backstage}
clientSecret: ${CODER_OAUTH_CLIENT_SECRET:-change-me}
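
Review bot: the `:-change-me` fallback on `clientSecret` means an unset `CODER_OAUTH_CLIENT_SECRET` yields the literal `change-me` instead of an error at startup, so a misconfigured deployment is only noticed when the code exchange fails. Drop the default here (and consider the same for `:-backstage` on `clientId`), or keep these lines in a config file that is only loaded for local development.
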
Contributor Author

Not sure if this should be here or somewhere else, but it is useful for development.

Added OAuth2 sign-in capability to the Coder Backstage plugin, allowing
users to authenticate via Coder's OAuth2 provider instead of manually
entering tokens.

Frontend changes:
- Added 'Sign in with Coder' OAuth2 button to CoderAuthInputForm
- OAuth button opens popup window for better UX
- PostMessage-based token exchange between popup and parent window
- Configurable via appConfig.oauth.clientId and appConfig.oauth.backendUrl
- Falls back to manual token entry if needed

Backend changes:
- Created new backend plugin (@coder/backstage-plugin-coder-backend)
- Handles OAuth2 callback at /api/auth/coder/oauth/callback
- Exchanges authorization codes for access tokens
- Returns tokens to frontend via postMessage
- Configurable OAuth credentials via app-config (coder.oauth.*)

Key features:
- Clean separation between frontend and backend concerns
- Secure token exchange with configurable backend URL validation
- Maintains existing manual token entry as fallback option
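
The receiving side of the popup-to-parent token handoff described in the commit message above, as an added example (not code from this PR or the plugin). The message shape, the `state` binding, the type tag and all function names are assumptions; the backend URL and callback path are the ones quoted on this page.

```javascript
// Added example, not the plugin's code. The message shape {type, state, token},
// MESSAGE_TYPE and all function names are assumptions for illustration.
const MESSAGE_TYPE = 'coder-oauth-callback';

// Builds the parent window's "message" listener for one sign-in attempt.
function createOAuthMessageHandler({ backendUrl, expectedState, popup, onToken }) {
  const allowedOrigin = new URL(backendUrl).origin; // scheme + host + port
  let consumed = false;
  return function handleMessage(event) {
    // Only the configured backend origin may deliver a token.
    if (event.origin !== allowedOrigin) return 'rejected:origin';
    // The sender must be the popup this attempt opened.
    if (event.source !== popup) return 'rejected:source';
    const data = event.data;
    if (!data || typeof data !== 'object' || data.type !== MESSAGE_TYPE) return 'rejected:shape';
    // Bind the reply to this attempt via the OAuth2 state value.
    if (typeof data.state !== 'string' || data.state !== expectedState) return 'rejected:state';
    if (typeof data.token !== 'string' || data.token === '') return 'rejected:token';
    // Accept one token per attempt; duplicates are dropped.
    if (consumed) return 'rejected:replay';
    consumed = true;
    onToken(data.token);
    return 'accepted';
  };
}

// Constructed events standing in for browser MessageEvents, so this runs in Node.
function demo() {
  const popup = { id: 'popup' };
  const received = [];
  const handle = createOAuthMessageHandler({
    backendUrl: 'http://localhost:7007/api/auth/coder/oauth/callback',
    expectedState: 'state-abc', // constructed value
    popup,
    onToken: token => received.push(token),
  });
  const good = { type: MESSAGE_TYPE, state: 'state-abc', token: 'constructed-token' };
  const origin = 'http://localhost:7007';
  const results = [
    handle({ origin: 'http://localhost:3000', source: popup, data: good }), // wrong origin (constructed)
    handle({ origin, source: { id: 'other' }, data: good }),               // wrong window
    handle({ origin, source: popup, data: { ...good, state: 'stale' } }),   // wrong state
    handle({ origin, source: popup, data: good }),                          // valid
    handle({ origin, source: popup, data: good }),                          // duplicate
  ];
  return { results, received };
}
```

In a browser the handler would be registered with `window.addEventListener('message', handle)`, and the popup side should pass the frontend's exact origin, not `'*'`, as the `targetOrigin` argument of `postMessage`.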

coder:
deployment:
accessUrl: https://dev.coder.com
Contributor Author

Maybe unused

Comment on lines +1 to +28
export interface Config {
/**
* @visibility frontend
*/
coder: {
/**
* @deepVisibility frontend
*/
deployment: {
accessUrl: string;
};

/**
* @visibility frontend
*/
oauth: {
/**
* @visibility frontend
*/
clientId: string;

/**
* @visibility secret
*/
clientSecret: string;
};
};
}
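
Review bot: the doc comments in this interface carry only visibility tags, and `clientId` and `clientSecret` have no description. Add a line to each saying what the value is, and on `clientSecret` state that `@visibility secret` is deliberate even though the enclosing `oauth` block is tagged `@visibility frontend`, so a later edit to the parent annotation does not widen it unnoticed.
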
Contributor Author

Very cool, I had no clue how to do this lol

@Parkreiner Parkreiner marked this pull request as ready for review October 14, 2025 17:55
Member

@Parkreiner Parkreiner left a comment

Approving so this can get merged in. We tested out a few different flows, and while the backend doesn't have any tests yet, we do still feel reasonably sure that things work.

@Parkreiner Parkreiner merged commit eb19112 into main Oct 15, 2025
4 checks passed
@Parkreiner Parkreiner deleted the f0ssel/oauth2 branch October 15, 2025 19:49